Almost all spam I receive is from Gmail. It's gotten so bad I've actually setup a filter that routes everything from @gmail.com into spam - except for some whitelisted email addresses. G Suite is fine, it's only @gmail.com that is an issue

And yes, it's genuinely from Gmail; valid SPF, valid DKIM, came from a Google IP address, etc...

To say the biggest source is Gmail might be technically wrong though - I suspect there's a large volume of spam that Migadu (my provider) is dropping before it even reaches my inbox, i.e. emails that it is 100% sure are spam and it can just drop. Nevertheless, an overwhelming amount of spam I observe/have to deal with is coming from Gmail. Second to that is outlook/hotmail.

> To say the biggest source is Gmail might be technically wrong though - I suspect there's a large volume of spam that Migadu (my provider) is dropping before it even reaches my inbox, i.e. emails that it is 100% sure are spam and it can just drop. Nevertheless, an overwhelming amount of spam I observe/have to deal with is coming from Gmail. Second to that is outlook/hotmail.

This. It's more likely to be survivorship bias -- the gmail emails happen to survive because gmail is more trusted.

Isn't Bitwarden Server AGPL?

If not, you can link me to the alternative?

One popular server implementation is Vaultwarden (originally called bitwarden_rs), implemented in Rust. [1] The Vaultwarden wiki [2] has more details.

[1]: https://github.com/dani-garcia/vaultwarden

[2]: https://github.com/dani-garcia/vaultwarden/wiki

The popular alternative is bitwarden-rs, and it's usually chosen because it has a much smaller footprint and is well suited to self-hosting where you only have a handful of users.

The official backend is multi-container and uses a full SQL server install.

Minor nit: they've had to change the name to "vaultwarden".

https://github.com/dani-garcia/vaultwarden#readme

> Note: This project was known as Bitwarden_RS and has been renamed to separate itself from the official Bitwarden server in the hopes of avoiding confusion and trademark/branding issues. Please see #1642 for more explanation.

How did you know to contact Microsoft to have them whitelist your IP? Was that from a DMARC report?

This is the sort of thing that puts me off self-hosting email, as much as I'd like to do it -- it seems like a huge amount of effort, tracking down who I need to shout at this week to have them whitelist my IP address.

Microsoft doesn’t send DMARC reports which made discovering delivery issues all the more problematic.

As far as I know, a lot of DDoS attacks use UDP amplification, which can be prevented if every ISP implements BCP 38; i.e. drop UDP traffic at the edge of their network that has a source that cannot have come from within their network.

EDIT: To clarify, this won't stop layer-7 based DDoS attacks, or anything that uses TCP (like SYN flooding). Just UDP amplification.

>or anything that uses TCP (like SYN flooding)

Plenty of SYN floods spoof IP as well. If you don't need to get the response, and you're behind an ISP that doesn't bother blocking IP spoofing, why would you use your actual IP? It'll make it much harder to actually trace an attack to the actual device doing it. It won't work on devices behind NAT but neither will reflected UDP attacks.

BCP 38 would stop SYN flooding if it is using source address spoofing. It won't stop any attack not based on IP spoofing though.

>On macOS side, the activity is still slow, if not non-existent.

> So if you want this to change, please join us!

I'd like to help, though I feel like I don't know enough C, and I've never used GTK. Is it possible to get a mentor, like you can for Linux kernel development, who can help me write my first few patches?

I've not heard of this. How does one go about finding a mentor to help them learn Linux kernel development?

A popular opinion among the team is that none of us know C at all :) So you'll fit right in!

If you don't mind hanging around IRC in Europe afternoon/evening time, you can ask questions to the few devs that are there.

>A vending machine on another uni's campus replying to your pings

Really? Wow. I can't even ping internal AWS services (like the EC2 Metadata Service, NTP, or DNS). Nothing responds to ICMP Echo anymore, and it makes me sad. Lately it feels like `ping' has become useless

Why are we doing this to ourselves?

> Why are we doing this to ourselves?

Ping flood attacks. A lot of the early protocols have had to be discarded because they had all the privacy and security of a postcard.

Is there any way to add a close button (or any button) through the IPC mechanism? I know you can do something like $Mod+x to close a window, but I'd honestly rather just use a button. Maybe the button can have a tooltip reminding you what close is set to

I have a feeling the i3 maintainers won't want to add a close button, however.

When you full screen some windows that have window decorators turned on (like browsers) then they show the minimise, close, maximise buttons. However, I always try to use the built in hot keys for closing a program rather than unceremoniously killing them with the close client hotkey.

Is that a very recent change? I don't know that I've ever noticed that on macOS, but I started using this OS around Lion, I think

    Estimated Cost to Develop (organic) $467,287,312
    Estimated Schedule Effort (organic) 142.185717 months
    Estimated People Required (organic) 291.973834

Where does this come from? Does cloc now try to estimate how much time/money would be required to build software?

I'd be interested what it thinks of my code. Do you have to give it a lot of code for these numbers to appear?

That's probably sloccount or scc, not cloc.

At least for sloccount, the cost/effort estimation model has very little to do with reality in the modern world though.

They legally ban them. If you are catched using one you go to jail.